Dir, Information Security Ops
The Director of Information Security Operations provides vision, leadership and expertise to develop and support information security management, operation, and tactical controls. This position serves as the expert on cybersecurity protection, detection, response and recovery. This position will work closely with OIT leadership to identify and assess information security risks and assist with the development and operationalization of information security risk management strategies and plans.
1. In collaboration with department leadership, develop information security programs and projects that address identified risks and college information security requirements.
2. Manage the process of gathering, analyzing and assessing the current and future threat landscape. Manage information security events and incidents, as well as participate in problem and change management processes.
3. Develop budget projections based on short- and long-term goals and objectives to support decision-making.
4. Monitor and report on compliance with information security policies, as well as the enforcement of policies within the OIT department; propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
5. Manage professional and technical staff, as well as service providers responsible for the evaluation, implementation, monitoring, and day-to-day operational support of enterprise-wide information security tools, policies, and procedures.
6. Craft and communicate information security awareness and education for audiences including students, faculty, staff and college guests.
7. Establish mutually acceptable contracts and service-level agreements with vendors in collaboration with college partners in the OIT, contracts, legal, and procurement departments. Manage third-party services and related vendors that provide information security functions for compliance with contracted service-level agreements.
8. In concert with OIT leadership, define metrics and reporting strategies that effectively communicate successes and progress of the information security program; coordinate, measure and report on the technical aspects of information security management.
9. Provide support and guidance for legal and regulatory compliance efforts, including audit support; assist resource owners and OIT staff in understanding and responding to security audit failures reported by auditors. Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
10. Consult with OIT leadership and staff to ensure that information security is factored into the evaluation, selection, installation and configuration of hardware, applications, and software; work with OIT leadership and staff to develop and implement controls and configurations aligned with information security policies and legal, regulatory and audit requirements.
11. Research, evaluate, design, test, recommend, or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of information security tools.
12. Manage and coordinate operational components of information security incident management, including detection, response, and reporting. Guide day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and create communications about residual risk.
13. Manage information security projects and provide expert guidance on information security matters for other OIT projects.
14. Collaborate with and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing, and maintenance of disaster recovery plans.
15. Design, coordinate and oversee information security testing procedures to verify the confidentiality, integrity and availability of information resources and manage the remediation of identified risks.
16. Other duties as assigned.
1. Bachelor's degree in a technical or business discipline [required].
2. Significant and progressive experience in the IT industry, in an information security role [required].
3. Experience managing an IT team [required].
4. Experience with common information security frameworks, such as NIST CSF, ISO 2700x, CIS Critical Security Controls [required].
5. Experience with performing risk, business impact, control and vulnerability assessments, and defining treatment strategies [required].
6. Experience with implementing projects in compliance with applicable legal and regulatory requirements, including, but not limited to, GDPR, HIPAA, FERPA, GLBA, Florida Information Protection Act, Red Flags, and other industry-specific obligations such as PCI-DSS [required].
7. Appropriate certifications in information security, audit, and/or risk management, e.g., current CISSP, CISM, CISA [preferred].
8. Experience working with legal, audit, and compliance staff to identify and manage risk and IT security concerns [preferred].
9. Experience developing and maintaining IT policies, procedures, standards and guidelines [preferred].
10. Available after College’s business hours to manage critical security concerns.
11. A demonstrated commitment to equity and inclusion.
12. Must be able to perform all of the essential functions of the job with or without reasonable accommodation.
1. Understanding of the organization’s goals, objectives, and key cyber threats and risks to those objectives.
2. Strong knowledge and experience in risk assessment and relevant methodologies including quantitative risk management techniques.
3. In-depth knowledge of project planning methodologies and tools and IT standards and guidelines.
4. Knowledge of secure coding practices, ethical hacking and threat modeling.
5. Ability to prioritize and execute tasks in a high-pressure environment.
6. Knowledge of applicable information security standards and regulatory requirements.
7. Strong written and oral communication skills.
8. Strong interpersonal skills and ability to collaborate effectively.
9. Ability to work effectively in a diverse community and meet the needs of diverse student populations.
This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines. While performing the duties of this job, the noise level in the work environment is usually quiet to moderate.
While performing the duties of this job, the employee is frequently required to sit and reach with hands and arms. The employee is regularly required to use hands to finger, handle, or feel objects, tools, or controls; type/keyboard; and talk or hear. The employee is occasionally required to stand and walk. Employee must on occasion lift/move up to 10 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and the ability to adjust focus.